Reuters reports that the FBI’s investigation of the SolarWinds supply chain attack is looking into evidence that Chinese threat actors successfully exploited a vulnerability in the company’s software to compromise a payroll system operated by the US Department of Agriculture. The vulnerability exploited is said to be different from the one used by UNC2452, the threat actor believed to be a Russian intelligence service. As the Washington Post observes, many had suspected that another group was also actively exploiting SolarWinds, but Reuters’ report is the first to suggest that this second threat actor was connected to the Chinese government.
Trustwave has identified three additional vulnerabilities in SolarWinds products. The researchers say the vulnerabilities are severe, and should be addressed as soon as possible, but that they’ve seen no evidence of exploitation in the wild.
Amnesty International reports that the government of South Sudan obtained Verint Systems’ communications intercept tools between 2015 and 2017. According to Amnesty’s report, South Sudan’s National Security Service has been abusing the technology to keep journalists, critics, and dissidents under surveillance.
Nox Limited told us today that they'd reached an agreement with ESET to address selective exploitation of Nox's BigNox Android emulator. They intend to cooperate in investigating the incident and will provide further information as it becomes available.
Microsoft warns of a spike in business email compromise scams soliciting gift cards said to be intended for K-12 teachers.
BleepingComputer reports that criminals are stealing paycard data from other criminals who skimmed the data using Magento.